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AMENDMENTS TO THE CLAIMS 
1 -55 (Previously Canceled) 

56. (Currently Amended) A method of author i z i ng a portab l e commun i cat i on 
d e v i c e to acc e ss a n e twor l < r e sourc e managing access to network resources , the 
method being performed at-by_a network management system in communication with 
tt^e-a^portable communication device via a network, the method comprising: 

receiving, at a communications port of a network management system 
from a portable communication device via a network, a first request to access a 
network resource located at an external server , the first request comprising one 
or more network packets, which include header and body data, and being 
configured with network sett i ngs that do not correspond to tho network attributes 
including a source address, a checksum, and a port number, wherein the 
checksum is calculated based at least in part on header and body data of one or 
more network packets : 

determining, efi— using a processor, whether to provide the portable 
communication device i s author i z e d to with access to the r e qu e st e d network 
resource, the determination being based at least in part on comparing an -one or 
more of the attributes included in the first request to a user profile database; and 
red i rect i ng, upon determining that the portable communication device is 
not author i z e d to be provided with access to the r e qu e st e d network resource, 
redirecting the portable network communication device to an authentication 
system, by perform i ng a method compr i s i ng : 

stor i ng the request to access the network resource; 
commun i cat i ng a mod i f ie d r e qu e st to a r e d i r e ct i on s e rv e r, th e 
mod i f i ed request be i ng based upon the request to access the network 
resource; 

receiving, from the redirection server, a browser red i rect message 
redirection data comprising a^resource l ocator identification data that 
identifies the authentication system, the browser red i rect message 
redirection data configured to cause the portable communication device to 
be redirected to the authentication system; and 
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sending, from the communications port of the network 
management system to the portable communication device, a mod i f i ed 
browser redirect message based upon the browser rod i roct mossago 
redirection data , the mod i f ie d browser redirect message configured to 
indicate that it was sent by the network resource and comprises attributes 
in which at least one of a source address, a checksum, and a port number 
differs from those attributes of the first request : 

whereby the portable communication device is enabled, by being 
redirected to the authentication system, to subm i t provide authentication-related 
information so that the portable communication system may be author i zed to 
provided access to_the roquostod network resource. 

57. (Currently Amended) The method of Claim 56, further comprising 
updating the user profile database upon determining that the portable communication 
device is ont i t l od to be provided with access to_the roquostod network resource. 

58. (Currently Amended) The method of Claim 56, further comprising 
maintaining in the user profile database a historical log of the portable communication 
device's access to the dest i nat i on network network resource . 

59. (Currently Amended) The method of Claim 56, wherein the first request 
is an HTTP request. 

60. (Currently Amended) The method of Claim 56, wherein determining 
whether to author i ze provide the portable communication device te- with access to the 
r e qu e st e d network resource further comprises denying the portable communication 
device access where the user profile database indicates that the portable 
communication device may not access the d e st i nat i on n e twork network resource . 

61. (Currently Amended) The method of Claim 56, wherein the attr i but e 
i nc l uded i n tho roguost i s determination of whether to provide the portable 
communication device with access to the requested network is based at least in part on 
one of a port, circuit ID, VLAN ID or MAC address. 
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62. (Previously Presented) The method of Claim 56, further comprising: 

receiving, from the portable communication device, a second request to 

access a second network resource; and 

determining that the portable communication device is authorized to 

access the second network resource, based at least upon a MAC address 

included in the second request. 
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63. (Currently Amended) A network management system configured to 
manage author i zat i on of a portab l e commun i cat i on dov i co to access to a network 
resource, tine system comprising: 

a network communications interface configured to receive, from a portable 
communication device via a network, a first request to access a network 
resource located external to the network management system , the first request 
comprising a resource locator that identifies the network resource, the first 
request being configured with n e twork s e tt i ngs that do not corr e spond to th e 
ftetwofk attributes including a source address, a checksum, and a port number, 
wherein the checksum allows for verifying correct data transmission : and 

a processor configured to determine whether to allow the portable 
communication device i s author i z e d to access the r e qu e st e d network resource, 
the determination being based at least in part on comparing an attr i bute one or 
more of the attributes included in the first request to a user profile database; 

the processor further configured to redirect the portable communication 
device to an authentication system , upon determining that not to allow the 
portable communication device i s not author i zed to access the roquostod 
network resource , tho portab l e network dov i co to an authent i cat i on system, by 
perform i ng a method compr i s i ng , by: 

stor i ng th e r e qu e st to acc e ss th e n e twork r e sourc e ; 
commun i cat i ng a mod i f i ed request to a red i rect i on server, tho 

mod i f i ed roquost bo i ng basod upon tho roquost to access tho network 



receiving, from the redirection server, a brows e r r e d i r e ct m e ssag e 
redirection data comprising a — second — resource — l ocator resource 
identification data that identifies the authentication system, the browser 
red i rect message redirection data configured to cause the portable 
communication device to be redirected to the authentication system; and 

sending, to the portable communication device, a mod i f i ed browser 
redirect message based upon the browser rod i roct mossago redirection 
data, the mod i f i ed browser redirect message indicating it originated from 
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the network resource and comprises attributes in which at least one of a 
source address, a checksum, and a port number differs from those 
attributes of the first request : 

whereby the portable communication device is enabled, by being 
redirected to the authentication system, to submit authentication-related 
information so that the portable communication system may be author i zed 
allowed to access the roquostod network resource. 

64. (Currently Amended) The network management system of Claim 63, 
wherein the processor is further configured to maintain, in the user profile database, a 
historical log of the portable communication device's access to the dest i nat i on network 
network resource . 

65. (Currently Amended) The network management system of Claim 63, 
wherein the first request is an HTTP request. 

66. (Currently Amended) The network management system of Claim 63, 
wherein determining whether to author i ze allow the portable communication device to 
access the r e qu e st e d network resource further comprises denying the portable 
communication device access where the user profile database indicates that the 
portable communication device may not access the dest i nat i on network network 
resource . 

67. (Currently Amended) The network management system of Claim 63, 
wherein the attr i bute i nc l uded i n the request i s determination of whether to allow the 
portable communication device to access the network resource is based at least in part 
on one of a port, circuit ID, VLAN ID or MAC address. 

68. (Previously Presented) The network management system of Claim 63, 
wherein the network interface is further configured to receive, from the portable 
communication device, a second request to access a second network resource, and 
wherein the processor is further configured to determine that the portable 
communication device is authorized to access the second network resource, based at 
least upon a MAC address included in the second request. 

69. (Currently Amended) The network management system of Claim 63, 
wherein the user profile database further stores information relating to an author i zed a 
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time period associated witli tine portable communication device, and wlierein tine 
determination of wlietlier to allow tlie portable communication device i s author i z e d to 
access the roquostod network resource is further based on an amount of time that has 
elapsed in relation to the author i z e d time period stored in the user profile database. 

70. (Currently Amended) The network management system of Claim 63, 
wherein the attribute included in the first request comprises a link-layer header of a 
network packet, and wherein the determination of whether to allow the portable 
communication device i s author i z e d to access the r e qu e st e d network resource is based 
both on the link-layer header of the network packet and on identification information 
provided automatically by a browser of the portable communication device. 

71 -76. (Canceled) 
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77. (Currently Amended) A method of accessing a network resource by a 
portable communication device, tine metliod performed at-by_a network management 
system in communication witli tine portable communication device, the method 
comprising: 

receiving, at a communications port of a network management system 
from a portable communication device, a first request to access a network 
reso u rce , the first request comprising one or more network packets, the first 
request further comprising attributes including a source address, a checksum, 
and a port number, wherein the checksum allows for verifying correct data 
transmission : 

determining, efi- using one or more processors, whether to provide the 
portable communication device i s author i z e d to with access to the r e qu e st e d 
network resource, the determination being based at least in part on comparing 
an attr i bute one or more of the attributes included in the first request to a user 
profile database;-aBd 

r e d i r e ct i ng, upon d e t e rm i n i ng that th e portab le commun i cat i on d e v i c e i s 
not author i zed to access tho roquostod network rosourco, tho portab l e network 
dov i co to an authent i cat i on system, by perform i ng a method compr i s i ng: 

commun i cat i ng a mod i f i ed request to a red i rect i on server, tho mod i f i ed 
r e qu e st b ei ng bas e d upon th e r e qu e st to acc e ss th e n e twork r e sourc e ; 

receiving, from redirection server, a browser red i rect message 

redirection data comprising s^resource l ocator identification data that identifies 
tl^te-an authentication system, the browser red i rect message redirection data 
configured to cause the portable communication device to be redirected to the 
authentication system; and 

sending, from the communications port of the network management 
system to the portable communication device, a mod i f i ed browser redirect 
message based upon the brows e r r e d i r e ct m e ssag e redirection data , the 
mod i f i ed browser redirect message configured to indicate that it was sent by the 
network resource , the browser redirect message being sent upon a 
determination not to provide the portable communication device with access to 
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the network resource, the browser redirect message comprising attributes in 
which at least one of a source address, a checksum, and a port number differs 
from those attributes of the first request : 

whereby the portable communication device is enabled, by being 
redirected to the authentication system, to subm i t transmit authentication-related 
information so that the portable communication system may be author i zed to 
provided access to_the roquostod network resource. 

78. (Currently Amended) The method of Claim 77, further comprising 
updating the user profile database upon determining tte ^to provide the portable 
communication device i s e nt i t le d to with access to_the r e qu e st e d network resource. 

79. (Currently Amended) The method of Claim 77, further comprising 
maintaining in the user profile database a historical log of the portable communication 
device's access to the dest i nat i on network network resource . 

80. (Currently Amended) The method of Claim 77, wherein the first request 
is an HTTP request. 

81. (Currently Amended) The method of Claim 77, wherein determining 
whether to author i ze provide the portable communication device te- with access to the 
r e qu e st e d network resource further comprises denying the portable communication 
device access where the user profile database indicates that the portable 
communication device may not access the d e st i nat i on n e twork network resource . 

82. (Currently Amended) The method of Claim 77, wherein the attr i but e 
i nc l uded i n tho roguost i s determination of whether to provide the portable 
communication device with access to the network resource is one of a port, circuit ID, 
VLAN ID or MAC address. 

83. (Currently Amended) The method of Claim 77, further comprising: 
receiving, from the portable communication device, a second request to 

access a second network resource: and 

determining that to provide the portable communication device is 
author i zed to with access to_the second network resource, based at least upon a 
MAC address included in the second request. 
84-86. (Canceled) 
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87. (Currently Amended) A network management system configured to 
manage access of a portable communication device to a network resource, tine system 
comprising: 

a network communications interface configured to receive, from a portable 
communication device, a first request to access a network resource, the request 
comprising one or more network packets, the first request further comprising a 
source address, a checksum allowing for verification of correct data 
transmission, a port number, and a resource locator that identifies the network 
resource; and 

one or more processors configured to determine whether to allow the 
portable communication device i s author i zed to access the roquostod network 
resource, the determination being based at least in part on comparing an 
attribute included in the first request to a user profile database; 

the one or more processors further configured to redirect , upon 
dotorm i n i ng that tho portab l e commun i cat i on dov i co i s not author i zed to access 
th e r e qu e st e d n e twork r e sourc e , the portable n e twork communication device to 
an authentication system, by performing a method comprising: 

commun i cat i ng a mod i f i ed roquost to a rod i roct i on sorvor, tho 

mod i f i ed request be i ng based upon tho request to access tho network 

r e sourc e ; 

receiving, from tho a redirection server, a browser red i rect 
mossago — redirection data comprising a second — resource l ocator 
identification data that identifies the authentication system, the browser 
r e d i r e ct m e ssag e redirection data configured to cause the portable 
communication device to be redirected to the authentication system; and 

sending, from the network communications interface of the network 
management system to the portable communication device, a mod i f i ed 
browser redirect message based upon the brows e r r e d i r e ct m e ssag e 
redirection data , the mod i f i ed browser redirect message indicating it 
originated from the network resource , the browser redirect message being 
sent as a result of the determination not to allow the portable 
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communication device to access the network resource, the browser 
redirect message having at least one of a source address, a checksum, 
and a port number that differs from those attributes of the first request : 
whereby the portable communication device is enabled, by being 
redirected to the authentication system, to subm i t transmit authentication-related 
information so that the portable communication system may be author i zed 
allowed to access the roquostod network resource. 

88. (Currently Amended) The network management system of Claim 87, 
wherein the processor is further configured to maintain, in the user profile database, a 
historical log of the portable communication device's access to the dest i nat i on network 
network resource . 

89. (Currently Amended) The network management system of Claim 87, 
wherein the first request is an HTTP request. 

90. (Currently Amended) The network management system of Claim 87, 
wherein determining whether to author i ze allow the portable communication device to 
access the r e qu e st e d network resource further comprises denying the portable 
communication device access where the user profile database indicates that the 
portable communication device may not access the dest i nat i on network network 
resource . 

91. (Currently Amended) The network management system of Claim 87, 
wherein the attr i bute i nc l uded i n the request i s determination of whether to allow the 
portable communication device to access the network resource is based at least in part 
on one of a port, circuit ID, VLAN ID or MAC address. 

92. (Currently Amended) The network management system of Claim 87, 
wherein the network interface is further configured to receive, from the portable 
communication device, a second request to access a second network resource, and 
wherein the processor is further configured to determine that the portable 
communication device is author i z e d allowed to access the second network resource, 
based at least upon a MAC address included in the second request. 
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93. (Currently Amended) The system of Claim 87, wherein the user profile 
database further stores information relating to an author i zod a^time period associated 
with the portable communication device, and wherein the determination of whether the 
portable communication device is author i z e d allowed to access the r e qu e st e d network 
resource is further based on an amount of time that has elapsed in relation to the 
author i zod time period stored in the user profile database. 

94. (Currently Amended) The system of Claim 87, wherein the attr i but e 
i nc l ud e d i n th e first request comprises a link-layer header of a network packet, and 
wherein the determination of whether the portable communication device is author i zod 
allowed to access the roquostod network resource is based both on the link-layer 
header of the network packet and on identification information provided automatically 
by a browser of the portable communication device. 

95. (Canceled) 

96. (Currently Amended) The system of Claim-9§ 87 , wherein the first 
request Is- comprises a network TCP packet to open a connection . 

97. (Canceled) 

98. (Currently Amended) The system of Claim 87, wherein the one or more 
processors are further configured to store the first request to access the network 
resource. 

99. (Previously Presented) The system of Claim 87, wherein the portable 
communication device communicates with the network communications interface via a 
network. 

100. (Currently Amended) The syst e m method of Claim 77, wh e r ei n 
r e d i r e ct i ng further compr i s e s comprising storing the request to access the network 
resource. 

101. (Currently Amended) The system method of Claim 77, wherein 
receiving, from a portable communication device, a first request to access a network 
resource comprises receiving, from a portable communication device via a network, a 
request to access a network resource. 



-35- 



Application No.: 09/458,602 
Filing Date: December 8, 1999 



102. (New) The method of Claim 56, wherein the portable communication 
device is redirected to the authentication system by further storing the request to 
access the network resource. 

103. (New) The method of Claim 56, wherein the portable communication 
device is redirected to the authentication system by further communicating request data 
to the redirection server, the request data being based on the first request. 

104. (New) The method of Claim 56, wherein determining whether to provide 
the portable communication device with access to the network resource comprises 
determining whether the portable communication device is authorized to access the 
requested network resource. 

105. (New) The method of Claim 56, wherein the first request is configured 
with network settings that do not correspond to the network. 

106. (New) The method of Claim 56, further comprising storing the first request 
to access a network resource. 

107. (New) The method of Claim 56, further comprising communicating a 
modified request to a redirection server, the modified request being based upon the first 
request to access the network resource. 

108. (New) The method of Claim 56, wherein the redirection data comprises a 
browser redirect message. 

109. (New) The method of Claim 56, wherein the method is performed by 
single device. 

110. (New) The method of Claim 56, wherein the method is performed by 
multiple devices in communication with each other. 

111. (New) The method of Claim 56, wherein the network management system 
is a gateway device. 

112. (New) The network management system of Claim 63, wherein the first 
request is configured with network settings that do not correspond to the network. 

113. (New) The network management system of Claim 63, wherein the 
processor is further configured to store the first request to access the network resource. 

114. (New) The network management system of Claim 63, wherein the 
processor is further configured to communicate a modified request to the redirection 
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server, the modified request being based upon tine first request to access tine network 
resource. 

115. (New) Tine network management system of Claim 63, wlierein tine 
redirection data comprises a browser redirect message. 

116. (New) Tine network management system of Claim 63, wherein the 
processor is further configured to determine whether the portable communication 
device is authorized to access the network resource. 

117. (New) The network management system of Claim 63, wherein the 
network management system is a gateway device. 

118. (New) The method of Claim 77, wherein the determination of whether to 
provide the portable communication device with access to the network resource is 
based at least in part on a port. 

119. (New) The method of Claim 77, wherein the determination of whether to 
provide the portable communication device with access to the network resource is 
based at least in part on a circuit ID. 

120. (New) The method of Claim 77, wherein the determination of whether to 
provide the portable communication device with access to the network resource is 
based at least in part on a VLAN ID. 

121. (New) The method of Claim 77, wherein the determination of whether to 
provide the portable communication device with access to the network resource is 
based at least in part on a MAC address. 

122. (New) The method of Claim 77, further comprising communicating 
request-related data to a redirection server, the request-related data being based on the 
first request to access the network resource. 

123. (New) The method of Claim 77, wherein the resource identification data is 

a URL. 

124. (New) The method of Claim 77, wherein the resource identification data is 
a network address. 

125. (New) The method of Claim 77, wherein the step of determining whether 
to provide the portable communication device with access to the network resource 
precedes the step of receiving the redirection data. 
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126. (New) The method of Claim 77, wherein determining whether to provide 
the portable communication device with access to the network resource comprises 
determining whether the portable communication device is authorized to access the 
requested network resource. 

127. (New) The method of Claim 130, further comprising redirecting, upon 
determining that the portable communication device is not authorized to access the 
requested network resource, the portable communication device to an authentication 
system. 

128. (New) The method of Claim 77, further comprising communicating a 
modified request to a redirection server, the modified request being based upon the 
request to access the network resource. 

129. (New) The method of Claim 77, wherein the redirection data comprises a 
browser redirect message. 

130. (New) The method of Claim 77, wherein the method is performed by 
single device. 

131. (New) The method of Claim 77, wherein the method is performed by 
multiple devices in communication with each other. 

132. (New) The method of Claim 77, wherein the network management system 
is a gateway device. 

133. (New) The network management system of Claim 87, wherein the one or 
more processors are configured to determine whether to allow the portable 
communication device to access the requested network resource based at least in part 
on a port. 

134. (New) The network management system of Claim 87, wherein the one or 
more processors are configured to determine whether to allow the portable 
communication device to access the requested network resource based at least in part 
on a circuit ID. 

135. (New) The network management system of Claim 87, wherein the one or 
more processors are configured to determine whether to allow the portable 
communication device to access the requested network resource based at least in part 
on a VLAN ID. 
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136. (New) The network management system of Claim 87, wherein the one or 
more processors are configured to determine whether to provide the portable 
communication device with access to the requested network is based at least in part on 
a MAC address. 

137. (New) The network management system of Claim 87, wherein the one or 
more processors are further configured to communicate request-related to a redirection 
server, the request-related data being based on the first request to access the network 
resource. 

138. (New) The network management system of Claim 87, wherein the 
resource identification data is a URL. 

139. (New) The network management system of Claim 87, wherein the 
resource identification data is a network address. 

140. (New) The network management system of Claim 87, wherein the one or 
more processors are further configured to determine whether to provide the portable 
communication device with access to the network resource prior to receiving the 
redirection data. 

141. (New) The network management system of Claim 87, wherein the one or 
more processors are further configured to determine whether the portable 
communication device is authorized to access the network resource. 

142. (New) The network management system of Claim 87, wherein the one or 
more processor are further configured to redirect upon determining that the portable 
communication device is not authorized to access the requested network resource. 

143. (New) The network management system of Claim 87, wherein the one or 
more processors are further configured to communicate a modified request to a 
redirection server, the modified request being based upon the request to access the 
network resource. 

144. (New) The network management system of Claim 87, wherein the 
redirection data comprises a browser redirect message. 

145. (New) The network management system of Claim 87, wherein the one or 
more processors are comprised in the same housing. 
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146. (New) The network management system of Claim 87, wherein the one or 
more processors are comprised in the separate housings. 

147. (New) The network management of Claim 87, wherein the network 
management system is a gateway device. 
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